SERVAS! Secure Enclaves via RISC-V Authenticryption Shield
نویسندگان
چکیده
Isolation is a long-standing security challenge. Privilege rings and virtual memory are increasingly augmented with capabilities, protection keys, powerful enclaves. Moreover, we facing an increased need for physical protection, e.g., via transparent encryption, resulting in complex interplay of various mechanisms. In this work, tackle the isolation challenge new extensible primitive called authenticryption shield that unifies policies. By using authenticated streamline reasoning towards cryptographic guarantees. We showcase versatility our approach by designing prototyping SERVAS – novel enclave architecture RISC-V. facilitates efficient secure sharing mechanism. While encryption constitutes main overhead, invoking requires only 3.5x simple syscall instead 71x Intel SGX.
منابع مشابه
Improving Cloud Security using Secure Enclaves
Improving Cloud Security using Secure Enclaves by Jethro Gideon Beekman Doctor of Philosophy in Engineering – Electrical Engineering and Computer Sciences University of California, Berkeley Professor David Wagner, Chair Internet services can provide a wealth of functionality, yet their usage raises privacy, security and integrity concerns for users. This is caused by a lack of guarantees about ...
متن کاملEnclaves: Enabling Secure Collaboration Over the Internet
The rapid expansion of the Internet means that users increasingly want to interact with each other. Due to the openness and unsecure nature of the net, users often have to rely on rewalls to protect their connections. Firewalls, however, make real-time interaction and collaboration more diicult. Firewalls are also complicated to conngure and expensive to install and maintain, and are inaccessib...
متن کاملSecure agent data integrity shield
In the rapidly expanding field of E-Commerce, mobile agent is the emerging technology that addresses the requirement of intelligent filtering/processing of information. This paper will address the area of mobile agent data integrity protection. We propose the use of Secure Agent Data Integrity Shield (SADIS) as a scheme that protects the integrity of data collected during agent roaming. With th...
متن کاملHacking in Darkness: Return-oriented Programming against Secure Enclaves
Intel Software Guard Extensions (SGX) is a hardwarebased Trusted Execution Environment (TEE) that is widely seen as a promising solution to traditional security threats. While SGX promises strong protection to bugfree software, decades of experience show that we have to expect vulnerabilities in any non-trivial application. In a traditional environment, such vulnerabilities often allow attacker...
متن کاملSecure Processors Part I: Background, Taxonomy for Secure Enclaves and Intel SGX Architecture
This manuscript is the first in a two part survey and analysis of the state of the art in secure processor systems, with a specific focus on remote software attestation and software isolation. This manuscript first examines the relevant concepts in computer architecture and cryptography, and then surveys attack vectors and existing processor systems claiming security for remote computation and/...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Lecture Notes in Computer Science
سال: 2021
ISSN: ['1611-3349', '0302-9743']
DOI: https://doi.org/10.1007/978-3-030-88428-4_19